Leadmonk EU GDPR compliance status

Last Revised on September 13, 2022

The Leadmonk GDPR Compliance Statement is aimed at helping our users understand the nitty-gritty of the GDPR and how we are complying with it. In this GDPR Compliance document, “Owner”, “Leadmonk”, “we”, “us” and “our” mean Leadmonk Technologies Private Limited.

1. What is GDPR?

GDPR, an abbreviation for the General Data Protection Regulation, is a European Union regulation designed for the protection of privacy and data in the European Union and the European Economic Area. It became effective on May 25, 2018. The GDPR allows the residents of the European Union to have greater control over their data and builds greater customer trust in, and credibility of, businesses.

 

Under the terms of GDPR, not only do organizations have to ensure that personal data is gathered legally and under strict conditions but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so.

 

GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses in the EU.

 

Read more about the GDPR and the approach of the European Commission towards the protection of data and privacy of residents of the European Union on their official website.

2. What is personal data?

The term “personal data” has been defined in Article 4 (1) of the GDPR as any information related to an identified or identifiable natural person (Data Subject). A natural person is identified directly or indirectly through identifiers such as their name, identification number, location, and any other characteristic which signifies their physical, mental, social, cultural, or commercial identity. For example, mobile numbers, account numbers, credit card numbers, and physical addresses are all considered personal data.

 

The law also states that the regulation for data protection only applies to information about any natural person and not to information regarding any legal entities like an institution, a foundation, or a corporation. Any natural person acquires the legal capacity to have their data protected at birth and loses it upon death.

3. How is Leadmonk complying with GDPR?

Leadmonk understands the need for privacy and data protection. We want our users to trust our privacy policy and be confident about using our services. For that reason, we describe in detail how information about Leadmonk users is collected from our various platforms, such as our website, services, plug-ins, software, and other Downloadable Tools, and how we use and disclose that information.

 

After a careful review of how we store, use and manage the personal data of our users, we have made several amendments to our privacy policy and terms of use in compliance with the GDPR Law. We have made all the updated policies available on our website for our users and visitors.

 

However, since GDPR is a new and broad regulation with no certification process, we have no process of verifying our compliance. Nonetheless, through our good-faith efforts, we believe we are in compliance, both now and as future developments come along.

4. Our Updated Privacy Policy tells you the source and the purpose of tracking your data

The updated Leadmonk Privacy Policy complying with the GDPR incorporates details about how we collect personal information about our users and through which services or “Platforms”. Our Platforms include our website, services, plug-ins, software, and other Downloadable Tools. We have also integrated with various external platforms such as Google, Microsoft Outlook, Stripe, PayPal, Zapier, Freshdesk, and many more for tracking personal data of Leadmonk users such as name, city, country, physical address and postal code, email address and mobile number. Additionally, we have laid down the purpose of using that information to maintain transparency about our operations with our users.

 

Leadmonk customers’ and users’ privacy terms are clearly communicated in our Privacy information. Leadmonk customers’ and end-users’ privacy terms are the sole responsibility of Leadmonk customers. They should be announced on the Leadmonk customer’s website.

5. Awareness

All employees responsible for software development and infrastructure maintenance of Leadmonk are fully aware of the GDPR requirements. Also, code reviews are performed by the Data Protection Officer ([email protected]) before any code deployment to the platform. This ensures that security breaches and bad practices are not introduced by, e.g., a third-party temporary contractor or a Leadmonk employee, even one aware of GDPR requirements (this acts as a double human safety check).

6. Information we hold

Leadmonk stores data on 2 kinds of parties:

  • Our customers (i.e. the operators creating Leadmonk booking pages)

  • Our customers’ end-users (i.e. the users of our customers)

Leadmonk does not share, or resell, any kind of user data (whether data described in points 1 or 2 above). The data is not used for advertising (both 1 and 2) or analytics (on 2). Our business model is solely based on paid subscriptions (i.e. the user is not the product).

 

6.1. Information held on our users

Leadmonk collects account information for each user (we refer to them as customers in this article), including:

  • User first and last name, email, and profile picture

  • User payment details (includes invoicing information, e.g. company address and country — the credit card number is stored by Stripe)

We don't log user activity, except for system logs including IP, user agents, and time of connection. They are solely used for debugging and lawful purposes and retained for a maximum of 1 year.

 

6.2. Information held on our users' end-users

Information held on our users' end-users includes:

  • End-user name and email address (if provided by end-user, thus involving consent)

  • End-user phone number (if provided by end-user, thus involving consent)

  • End-user information shared in the booking form (if provided by end-user, thus involving consent)

This end-user identity information is stored on Leadmonk services, for as long as the Leadmonk customer wishes them to be stored in their Leadmonk database.

 

The information held on our users' end-users is solely the responsibility of our users (i.e. the individual appointment organizers using Leadmonk). It is the responsibility of our users to manage the data they hold in their personal Leadmonk dashboard, and to remove sensitive data if someone happens to share it with them (e.g. Social Security Numbers, etc.). It is our responsibility to secure access to this data (i.e., only website operators can access it and have a right to rectification and deletion).

7. You can control the amount of information we collect about you

Leadmonk collects information about its users through direct interaction with them. Information is also gathered automatically by Leadmonk whenever a user uses our Platform and then the information from both sources is combined to obtain a complete piece of information.

We are concerned about the safety and security of our users. Hence, we request them to only provide information that is mandatory for using any of our Platforms. That will allow them to have greater control over the data that is being collected by us. For example, a user who wishes to schedule a meeting may only need to provide us with their name, email address, mobile number, and the date and time of the meeting.

Leadmonk allows you to customize your booking page. You can customize the way your clients book an appointment and let them know about your availability in advance so that you do not receive customer queries at unconventional hours. You can also save the details of regular customers to let them know about offers and coupons.

Leadmonk will notify you and your customers via email and SMS/WhatsApp about the details of the appointment or meeting once it has been scheduled.

Leadmonk stores user data involving consent (i.e., a conversation that both parties entered willingly and in which they exchanged, e.g., emails). It is the Leadmonk customer’s responsibility to ensure user data is lawfully collected. For instance, if the emails that get collected from the Leadmonk booking pages get re-used for marketing campaign purposes on an external system, the Leadmonk customer has to ask for user consent upon collecting this email.

Consent is provided by our users explicitly when proceeding with an action or task (e.g., when they provide user data). Leadmonk allows its customers to prefill user data before sharing a booking page link with their clients. This data must have been provided by the customer's user with consent, as it will get propagated to Leadmonk automatically.

8. Integration with external platforms will not lead to a violation of data privacy

A Leadmonk user voluntarily provides us information while scheduling a meeting or an appointment which can be their name, mobile number, email address, location, and the email addresses of the other attendees of the meeting.

 

Users are also allowed to integrate their other calendars such as Google Calendar, Outlook/Office 365 calendar, Microsoft Exchange or Apple Calendars so that we can check the duration and status of the meeting or appointment. However, we do not track or monitor other information such as the names and email addresses of attendees of the meeting or any other details about the meeting in your Google Calendar, Outlook, Microsoft Exchange, or Apple Calendars.

 

Also, please note that all Leadmonk data processor providers such as Leadmonk, SendGrid, Stripe, Twilio, Kaleyra, Freshdesk, Freshmarketer, and Postmark have all been checked to be GDPR-compliant.

9. Hide details of your clients and appointments from other customers

All the information processed by Leadmonk is safe with us. Leadmonk will only let other customers and clients check the availability of slots for booking an appointment, but it does not allow them to view who has booked which slot.

10. View, edit, and control the access to your data

You can directly view and edit your data and that of your customers through your Leadmonk account. As a data controller, it will be your responsibility to make and abide by your own GDPR-compliant rules to control access to your data by your staff, clients, and customers.

Leadmonk has also created a system through which you can limit the access of your staff to your data and control and edit the admin rights.

11. You have the right to withdraw consent of data processing with our New Cookie Policy

The updated Cookie Policy of Leadmonk describes the technologies that help us access and store information through the use of Cookies or other resources on a user’s web or mobile device while these users interact with our website. These technologies are also known as “Trackers”. These Trackers are directly managed by the Owner and are known as First-Party Trackers. Additionally, Leadmonk makes use of trackers that enable services provided by a third party.

 

For some specific purposes, the users might also be asked for consent for sharing their personal information. However, even after consent is given, it can be withdrawn freely at any time. This has been done specifically in consideration of the GDPR so that the personal information of any user is not disclosed to any third-party tracker.

12. Ensure safe registration with our New Terms and Conditions

Our updated Terms and Conditions are used for governing how Leadmonk operates and all other legal relationships and agreements with the Owner. The complete details about account registration, account suspension, deletion, and renewal can be found in the Terms and Conditions section of Leadmonk. Our terms and conditions have been updated in compliance with the GDPR to ensure that our users have a safe and secure experience on our platforms.

13. Enhance your security with safe passwords

We recommend that Leadmonk users keep their login credentials safe and confidential, and that they use a password that meets the highest standard of security as permitted by us.

14. Data Protection by Design and Data Protection Impact Assessments

Whenever Leadmonk develops a new system, security comes first when designing the architecture of such a system. Our first goal is to protect the integrity of the new production system, and the second goal is to protect the user data that's being stored and used by that system. Leadmonk developers are well educated in software and network security, which has helped us build secure-by-design software over time.

15. Children

Leadmonk does not offer online services to children, due to the nature of the service provided (business-to-business). Children might still be able to use the Leadmonk scheduling services from the website or apps of a Leadmonk customer. To this extent, the Leadmonk customer is responsible for checking their own users and activities against regulations concerning children.

16. Individuals’ rights

Leadmonk customers’ rights regarding GDPR are considered and enforced, including:

  • Right of access: our users can access all their data, without restriction, from the Leadmonk apps

  • Right of rectification: it's as simple as contacting us, we'll process all your rectification queries

  • Right of erasure: it's as simple as contacting us, we'll process all your erasure queries

  • Right to restrict processing: we don't process the data of our customers (and our customers’ end-users)

  • Right to data portability: our users may contact us anytime if they wish to get an export of their data

  • Right to be informed: we clearly inform our users about the use that will be made of their data

  • Right to object: we handle all requests on this matter from our users and users' end-users (contact us)

  • Right not to be subject to automated decision-making including profiling: we don't do that (and never will)

17. Data breaches

Our team closely monitors any unauthorized system access and has put in place multiple preventive measures to reduce the attack surface on our systems and services. In the last 1 year, Leadmonk has had 0 major security issues. Leadmonk will notify its users of any data breach within a maximum of 24h after knowing about it and fixing the flaw. It is then the responsibility of our users to report this data breach to their end-users in due time.

18. Subject access requests

Leadmonk replies to all access requests (positively or negatively) within 2 weeks (the legal limit from GDPR is 1 month). We offer this free of charge for our customers (paid and free).

19. Frequently Asked Questions

The following are some frequently asked questions about the changes in the terms and conditions of use of Leadmonk and the responsibilities and liabilities of the Leadmonk users as well as the owner.

 

How to ensure safe registration at Leadmonk?

To use our services, a user has to register by creating an account and providing complete and truthful information. The users are responsible for keeping their login credentials safe and confidential, and we therefore recommend that they use a password that meets the highest standard of security as permitted by Leadmonk. The users will hold complete responsibility for the activities occurring in their account under their username and password. Also, note that any product subscription is renewed automatically by Leadmonk.

 

How to terminate my account?

If a user wishes to terminate their account and stop using a service, they can use the tools provided for account termination in our Leadmonk application or they may directly contact Leadmonk via email at [email protected].

 

What if my personal data is disclosed?

Please note that in case a user feels that their personal data has been unduly disclosed or stolen or their privacy has been violated, they will need to contact the owner immediately and unambiguously. In case you have a query or wish to complain about a privacy breach, email us at [email protected].

 

What are the exclusive rights of the owner regarding the maintenance of the account?

  • The owner has the right to suspend or terminate a user’s account at any time and without notice if the user violates the Terms and Conditions or harms the owner, any other user, or third parties.

  • If an account of a user gets suspended or deleted, they will not be entitled to any claims for compensation or reimbursement.

  • Violation of laws and regulations will result in legal action taken against the user. If the user is found guilty, he or she will not be exempted from paying any applicable fees or price.

 

Do I have to sign any Data Processing Addendum (DPA)?

We have incorporated data processing details into our Terms of Use that cover all visitors (including Leadmonk users who have an account with us, Leadmonk invitees who schedule meetings with a Leadmonk user, and Leadmonk viewers who are simply visiting the website) located in the European Economic Area, Switzerland, and the United Kingdom. There is nothing additional for you to sign or execute, and by accepting the Terms of Use, the DPA is already in place for you.

 

Does using Leadmonk make me comply with the GDPR?

Remember that in this case, Leadmonk is the data processor but you are the data controller. We have put in our best efforts to make sure you and your business are GDPR compliant. But ultimately, as the data controller, it is your responsibility to let us know the amount of personal data you are willing to share with your clients and customers.

20. Questions?

Feel free to reach out by email at [email protected] if you have any questions or need any clarifications.